We have an unprecedented event happening with the COVID-19, coronavirus, worldwide pandemic. More people are working from home now than ever before.
At Loffler we are fortunate to have the means for most of our workforce to work from home to help slow the spread of the virus. Many of our clients and partners in the community find themselves in the same position.
Because of this, many malicious organizations have taken to attacking remote employees through various means. We assembled some advice for keeping your family and your organization safe from cyber-attacks while working from home.
COVID-19 Phishing and Malware Scams
We've all seen emails and websites promising to keep us safe from the COVID-19 pandemic. They offer news, statistics, tracking and safety advice. Many are scams: fronts for malware or ransomware and/or phishing to steal passwords and data.
Be wary of any emails, websites, links or downloads offering help related to the coronavirus. Do not download anything or enter credentials – usernames, passwords, bank account/credit card numbers, Social Security numbers, etc. – until and unless you’ve confirmed the validity of the source of information. Make sure the links you click come from trusted sources. If you're unsure of a link sent by someone you know, ask them.
Examples of malicious emails, websites and apps right now:
- Links to login screens to access documents (OneDrive, Office 365, Google Drive, Dropbox or other cloud-hosted document services)
- Websites and apps that show heat maps and statistics of coronavirus spread around the world
- False emails from a university to its students, or from a business to its employees, promising updates about closures
- Emails from entities posing as the World Health Organization or the Centers for Disease Control and Prevention
Many of us are eager to click on the information offered in the examples above right now, either to do our jobs remotely or to stay on top of world events. None of these deceptive methods are new – world events have been targets for years. But websites and emails with malicious intent are rampant surrounding the COVID-19 pandemic. We should all be prepared and vigilant.
At the same time, many of us are working at home. Much of the workforce is new to remote work. We’re in a new environment, with new distractions. We all need to stay focused on potential threats to keep our families and our organizations safe from threats.
Cybersecurity Advice for Working from Home During COVID-19
Steps you can take to avoid getting your computers and computing devices hacked. (Note that these are subject to the policies put in place by your employer.)
- Do not share your work laptop with family members. Do not let family members on your home PC if it's connected to your work PC, and do not connect any of your home computers to your organization’s VPN.
- Try to work in a secure environment, a home office or spare room. If you can’t, keep your work equipment and papers in a safe space.
- Keep your operating system up to date. Your company likely manages updates for your company-owned PC or laptop, but they cannot manage your home PC. If you have a Windows home computer(s), make sure you are using the built-in security update features to keep them up to date. Mac operating systems also have built-in security updating.
- Install and scan your computer with anti-virus software. If you have a company PC or laptop, you likely already have this. If you have a home computer, there should be a security center for all your security settings. Try typing "security" in your local search bar and see if you have anti-virus software installed.
- Make sure you have your in-home wireless router up to date. Find the installation quick start guides or find the model number and search the internet for the support for the device. You can also call your internet provider if they supplied you with wireless access. Chances are it has an update feature.
- Make sure your smart home devices are up to date. If they have passwords, make sure they are secured and not the same as any other passwords you are using.
- If you haven’t already, update your mobile phone’s software. Also, set your mobile device(s) to automatically update.
- Be careful about opening your personal email. Do not fall for claims of websites and apps that will tell you about the coronavirus or related scams.
People working from home are targets. The current scams look real, and it’s easy to be fooled. Stay vigilant and be suspicious of all emails and websites until you can confirm they are safe.
Mike is the Vice President of Information Technology at Loffler. He has been in the IT field since 1993 and was previously an owner of a successful IT solution provider for 12 years. Mike has managed both security and managed service teams and consulted on IT management for both large and SMB organizations. Little known fact: While in college, Mike was the lead singer for a garage band called Mojo and the Kingsnakes. This is now known as “Classic Rock."
